A version of the NXP SDK that supports secure boot features. 5. Implementation Steps Step 1: Key Generation
If the hashes match, the ISBC uses the public key to verify the digital signature of the ESBC.
Maintain a strategy for revoking keys if a private key is compromised. qoriq trust architecture 2.1 user guide
Generate your RSA keys. Keep the private key in a Hardware Security Module (HSM) or a highly secure, offline environment. Step 2: Create the Boot Image
Beyond signing (authentication), use the SEC engine to encrypt the bootloader image on the flash to protect your intellectual property. A version of the NXP SDK that supports secure boot features
Set the physical pins or fuses to move the device from "Non-Secure" to "Secure" mode. In this mode, the CPU will refuse to boot any image that is not signed correctly. 6. Best Practices for Trust Architecture 2.1
This guide explores the core components, boot process, and implementation strategies for Trust Architecture 2.1. 1. What is QorIQ Trust Architecture 2.1? Maintain a strategy for revoking keys if a
You can test Secure Boot using "Development" keys without blowing fuses by using the SoC's override registers.
This is typically your primary bootloader (like U-Boot). While stored in external flash, it is signed with a private key. The ISBC verifies this signature before execution. C. Security Engine (SEC)